<?php
/* $Id: panel_neworderlist.php 70 2011-02-23 08:28:51Z jim2212001@gmail.com $ */
// Refuse to run unless WEBHOME is defined (presumably by the script that includes
// this page), so the file does nothing when requested directly.
if (!defined('WEBHOME')) {
	exit('DO NOT EXECUTE THIS FILE');
}

// Authentication first, then the founder permission check.
// NOTE(review): nothing in this file stops execution after doLogin() or
// redirectMsg(). Confirm that both helpers terminate the request; if they
// return, the action handler further down still runs for a visitor who failed
// these checks.
if (!isLogin()) {
	doLogin();
}
requirePerm(PERM_FOUNDER);
if (hasErr()) {
	redirectMsg('panel.php');
}

// Whitelist of sub-actions this page accepts through $_GET['action'].
$avalibleAction = array('orderlist');

// Ask the template to load this page's script.
$tpl->assign('loadjs', array('page/panel/neworderlist'));
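/**
 * Convert a "YYYY/MM/DD" string into the Unix timestamp of that day's midnight.
 *
 * The callers in this file pass raw $_POST fields, so the value is validated
 * strictly before it reaches mktime(): it must be a string made of exactly three
 * digit groups separated by "/", and the groups must name a real calendar date.
 * Without the calendar check mktime() silently rolls out-of-range values over
 * (2011/02/30 would become 2 March); without the digit check non-numeric text
 * is handed to mktime() as-is.
 *
 * @param mixed $timeStr Date text in year/month/day order.
 * @return int|false Timestamp from mktime() in the server's default timezone, or
 *                   false once errMsg(MSG_FORMAT_ERROR) has been called for
 *                   malformed input.
 */
function parseTime($timeStr){
	$timeSeg = array();
	// is_string() rejects array-valued request fields (e.g. startTime[]=...);
	// the D modifier stops "$" from matching before a trailing newline.
	$wellFormed = is_string($timeStr)
		&& preg_match('#^(\d{1,4})/(\d{1,2})/(\d{1,2})$#D', $timeStr, $timeSeg) === 1
		&& checkdate((int)$timeSeg[2], (int)$timeSeg[3], (int)$timeSeg[1]);
	if(!$wellFormed){
		errMsg(MSG_FORMAT_ERROR);
		// NOTE(review): whether errMsg() halts the request is not visible here.
		// If it returns, hand back false instead of a timestamp built from
		// missing or bogus segments; callers should check hasErr() before use.
		return false;
	}
	return mktime(0,0,0,(int)$timeSeg[2],(int)$timeSeg[3],(int)$timeSeg[1]);
}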
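// Handle the requested sub-action. Only names listed in $avalibleAction are
// accepted; the strict comparison keeps non-string values (e.g. action[]=x) out.
if(isset($_GET['action']) && in_array($_GET['action'],$avalibleAction,true)){
	// Append the action name to $page, which is set outside this file.
	$page=$page.'_'.$_GET['action'];
	if($_GET['action']=='orderlist'){
		// presumably escapes every $_POST value in place for use in SQL - confirm
		// against escape_all()'s definition and the connection charset.
		escape_all($_POST);
		$startTime=parseTime($_POST['startTime']);
		$closedTime=parseTime($_POST['closedTime'])+86399;//At the end of the day
		// parseTime() reports malformed dates through errMsg(). The
		// requirePerm()/hasErr() pair at the top of this file suggests errors are
		// recorded rather than fatal, so the result must be checked here or a row
		// with garbage timestamps is stored. The else branch keeps the INSERT from
		// running even if redirectMsg() returns.
		if(hasErr()){
			redirectMsg('panel.php');
		}else{
			// NOTE(review): this statement is built by string concatenation, so its
			// safety rests entirely on escape_all() for title and info.
			// $_SESSION['id'] and $_SERVER['REMOTE_ADDR'] do not pass through
			// escape_all() at all. Switch to a parameterised query if the $db
			// wrapper supports one.
			$sql = 'INSERT INTO `orderlist` (`founderId`,`title`,`foundTime`,`startTime`,`closedTime`,`info`,`ip`) '.
			'VALUES (\''.$_SESSION['id'].'\',\''.$_POST['title'].'\',\''.time().'\',\''.$startTime.'\',\''.$closedTime.'\',\''.$_POST['info'].'\',\''.$_SERVER['REMOTE_ADDR'].'\')';
			$db->query($sql,1);
			// NOTE(review): the query result is not checked and execution continues
			// after the header; confirm the including script does not emit output
			// or do further work for this request.
			header('Location: panel.php?page=editlist&id='.$db->insert_id);
		}
	}
}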
?>
